00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 #include "polarssl/config.h"
00031
00032 #if defined(POLARSSL_RSA_C)
00033
00034 #include "polarssl/rsa.h"
00035
00036 #include <stdlib.h>
00037 #include <string.h>
00038 #include <stdio.h>
00039
00040
00041
00042
00043 void rsa_init( rsa_context *ctx,
00044 int padding,
00045 int hash_id,
00046 int (*f_rng)(void *),
00047 void *p_rng )
00048 {
00049 memset( ctx, 0, sizeof( rsa_context ) );
00050
00051 ctx->padding = padding;
00052 ctx->hash_id = hash_id;
00053
00054 ctx->f_rng = f_rng;
00055 ctx->p_rng = p_rng;
00056 }
00057
00058 #if defined(POLARSSL_GENPRIME)
00059
00060
00061
00062
00063 int rsa_gen_key( rsa_context *ctx, int nbits, int exponent )
00064 {
00065 int ret;
00066 mpi P1, Q1, H, G;
00067
00068 if( ctx->f_rng == NULL || nbits < 128 || exponent < 3 )
00069 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00070
00071 mpi_init( &P1, &Q1, &H, &G, NULL );
00072
00073
00074
00075
00076
00077 MPI_CHK( mpi_lset( &ctx->E, exponent ) );
00078
00079 do
00080 {
00081 MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
00082 ctx->f_rng, ctx->p_rng ) );
00083
00084 MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
00085 ctx->f_rng, ctx->p_rng ) );
00086
00087 if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
00088 mpi_swap( &ctx->P, &ctx->Q );
00089
00090 if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
00091 continue;
00092
00093 MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
00094 if( mpi_msb( &ctx->N ) != nbits )
00095 continue;
00096
00097 MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
00098 MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
00099 MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
00100 MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
00101 }
00102 while( mpi_cmp_int( &G, 1 ) != 0 );
00103
00104
00105
00106
00107
00108
00109
00110 MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
00111 MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
00112 MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
00113 MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
00114
00115 ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3;
00116
00117 cleanup:
00118
00119 mpi_free( &G, &H, &Q1, &P1, NULL );
00120
00121 if( ret != 0 )
00122 {
00123 rsa_free( ctx );
00124 return( POLARSSL_ERR_RSA_KEY_GEN_FAILED | ret );
00125 }
00126
00127 return( 0 );
00128 }
00129
00130 #endif
00131
00132
00133
00134
00135 int rsa_check_pubkey( rsa_context *ctx )
00136 {
00137 if( !ctx->N.p || !ctx->E.p )
00138 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
00139
00140 if( ( ctx->N.p[0] & 1 ) == 0 ||
00141 ( ctx->E.p[0] & 1 ) == 0 )
00142 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
00143
00144 if( mpi_msb( &ctx->N ) < 128 ||
00145 mpi_msb( &ctx->N ) > 4096 )
00146 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
00147
00148 if( mpi_msb( &ctx->E ) < 2 ||
00149 mpi_msb( &ctx->E ) > 64 )
00150 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
00151
00152 return( 0 );
00153 }
00154
00155
00156
00157
00158 int rsa_check_privkey( rsa_context *ctx )
00159 {
00160 int ret;
00161 mpi PQ, DE, P1, Q1, H, I, G;
00162
00163 if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
00164 return( ret );
00165
00166 if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
00167 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
00168
00169 mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
00170
00171 MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
00172 MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
00173 MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
00174 MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
00175 MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
00176 MPI_CHK( mpi_mod_mpi( &I, &DE, &H ) );
00177 MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
00178
00179 if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 &&
00180 mpi_cmp_int( &I, 1 ) == 0 &&
00181 mpi_cmp_int( &G, 1 ) == 0 )
00182 {
00183 mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
00184 return( 0 );
00185 }
00186
00187 cleanup:
00188
00189 mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
00190 return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED | ret );
00191 }
00192
00193
00194
00195
00196 int rsa_public( rsa_context *ctx,
00197 unsigned char *input,
00198 unsigned char *output )
00199 {
00200 int ret, olen;
00201 mpi T;
00202
00203 mpi_init( &T, NULL );
00204
00205 MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
00206
00207 if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
00208 {
00209 mpi_free( &T, NULL );
00210 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00211 }
00212
00213 olen = ctx->len;
00214 MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
00215 MPI_CHK( mpi_write_binary( &T, output, olen ) );
00216
00217 cleanup:
00218
00219 mpi_free( &T, NULL );
00220
00221 if( ret != 0 )
00222 return( POLARSSL_ERR_RSA_PUBLIC_FAILED | ret );
00223
00224 return( 0 );
00225 }
00226
00227
00228
00229
00230 int rsa_private( rsa_context *ctx,
00231 unsigned char *input,
00232 unsigned char *output )
00233 {
00234 int ret, olen;
00235 mpi T, T1, T2;
00236
00237 mpi_init( &T, &T1, &T2, NULL );
00238
00239 MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
00240
00241 if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
00242 {
00243 mpi_free( &T, NULL );
00244 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00245 }
00246
00247 #if 0
00248 MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
00249 #else
00250
00251
00252
00253
00254
00255
00256 MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
00257 MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
00258
00259
00260
00261
00262 MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
00263 MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
00264 MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
00265
00266
00267
00268
00269 MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
00270 MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
00271 #endif
00272
00273 olen = ctx->len;
00274 MPI_CHK( mpi_write_binary( &T, output, olen ) );
00275
00276 cleanup:
00277
00278 mpi_free( &T, &T1, &T2, NULL );
00279
00280 if( ret != 0 )
00281 return( POLARSSL_ERR_RSA_PRIVATE_FAILED | ret );
00282
00283 return( 0 );
00284 }
00285
00286
00287
00288
00289 int rsa_pkcs1_encrypt( rsa_context *ctx,
00290 int mode, int ilen,
00291 unsigned char *input,
00292 unsigned char *output )
00293 {
00294 int nb_pad, olen;
00295 unsigned char *p = output;
00296
00297 olen = ctx->len;
00298
00299 switch( ctx->padding )
00300 {
00301 case RSA_PKCS_V15:
00302
00303 if( ilen < 0 || olen < ilen + 11 )
00304 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00305
00306 nb_pad = olen - 3 - ilen;
00307
00308 *p++ = 0;
00309 *p++ = RSA_CRYPT;
00310
00311 while( nb_pad-- > 0 )
00312 {
00313 do {
00314 *p = (unsigned char) rand();
00315 } while( *p == 0 );
00316 p++;
00317 }
00318 *p++ = 0;
00319 memcpy( p, input, ilen );
00320 break;
00321
00322 default:
00323
00324 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00325 }
00326
00327 return( ( mode == RSA_PUBLIC )
00328 ? rsa_public( ctx, output, output )
00329 : rsa_private( ctx, output, output ) );
00330 }
00331
00332
00333
00334
00335 int rsa_pkcs1_decrypt( rsa_context *ctx,
00336 int mode, int *olen,
00337 unsigned char *input,
00338 unsigned char *output,
00339 int output_max_len)
00340 {
00341 int ret, ilen;
00342 unsigned char *p;
00343 unsigned char buf[1024];
00344
00345 ilen = ctx->len;
00346
00347 if( ilen < 16 || ilen > (int) sizeof( buf ) )
00348 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00349
00350 ret = ( mode == RSA_PUBLIC )
00351 ? rsa_public( ctx, input, buf )
00352 : rsa_private( ctx, input, buf );
00353
00354 if( ret != 0 )
00355 return( ret );
00356
00357 p = buf;
00358
00359 switch( ctx->padding )
00360 {
00361 case RSA_PKCS_V15:
00362
00363 if( *p++ != 0 || *p++ != RSA_CRYPT )
00364 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00365
00366 while( *p != 0 )
00367 {
00368 if( p >= buf + ilen - 1 )
00369 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00370 p++;
00371 }
00372 p++;
00373 break;
00374
00375 default:
00376
00377 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00378 }
00379
00380 if (ilen - (int)(p - buf) > output_max_len)
00381 return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
00382
00383 *olen = ilen - (int)(p - buf);
00384 memcpy( output, p, *olen );
00385
00386 return( 0 );
00387 }
00388
00389
00390
00391
00392 int rsa_pkcs1_sign( rsa_context *ctx,
00393 int mode,
00394 int hash_id,
00395 int hashlen,
00396 unsigned char *hash,
00397 unsigned char *sig )
00398 {
00399 int nb_pad, olen;
00400 unsigned char *p = sig;
00401
00402 olen = ctx->len;
00403
00404 switch( ctx->padding )
00405 {
00406 case RSA_PKCS_V15:
00407
00408 switch( hash_id )
00409 {
00410 case SIG_RSA_RAW:
00411 nb_pad = olen - 3 - hashlen;
00412 break;
00413
00414 case SIG_RSA_MD2:
00415 case SIG_RSA_MD4:
00416 case SIG_RSA_MD5:
00417 nb_pad = olen - 3 - 34;
00418 break;
00419
00420 case SIG_RSA_SHA1:
00421 nb_pad = olen - 3 - 35;
00422 break;
00423
00424 case SIG_RSA_SHA224:
00425 nb_pad = olen - 3 - 47;
00426 break;
00427
00428 case SIG_RSA_SHA256:
00429 nb_pad = olen - 3 - 51;
00430 break;
00431
00432 case SIG_RSA_SHA384:
00433 nb_pad = olen - 3 - 67;
00434 break;
00435
00436 case SIG_RSA_SHA512:
00437 nb_pad = olen - 3 - 83;
00438 break;
00439
00440
00441 default:
00442 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00443 }
00444
00445 if( nb_pad < 8 )
00446 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00447
00448 *p++ = 0;
00449 *p++ = RSA_SIGN;
00450 memset( p, 0xFF, nb_pad );
00451 p += nb_pad;
00452 *p++ = 0;
00453 break;
00454
00455 default:
00456
00457 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00458 }
00459
00460 switch( hash_id )
00461 {
00462 case SIG_RSA_RAW:
00463 memcpy( p, hash, hashlen );
00464 break;
00465
00466 case SIG_RSA_MD2:
00467 memcpy( p, ASN1_HASH_MDX, 18 );
00468 memcpy( p + 18, hash, 16 );
00469 p[13] = 2; break;
00470
00471 case SIG_RSA_MD4:
00472 memcpy( p, ASN1_HASH_MDX, 18 );
00473 memcpy( p + 18, hash, 16 );
00474 p[13] = 4; break;
00475
00476 case SIG_RSA_MD5:
00477 memcpy( p, ASN1_HASH_MDX, 18 );
00478 memcpy( p + 18, hash, 16 );
00479 p[13] = 5; break;
00480
00481 case SIG_RSA_SHA1:
00482 memcpy( p, ASN1_HASH_SHA1, 15 );
00483 memcpy( p + 15, hash, 20 );
00484 break;
00485
00486 case SIG_RSA_SHA224:
00487 memcpy( p, ASN1_HASH_SHA2X, 19 );
00488 memcpy( p + 19, hash, 28 );
00489 p[1] += 28; p[14] = 4; p[18] += 28; break;
00490
00491 case SIG_RSA_SHA256:
00492 memcpy( p, ASN1_HASH_SHA2X, 19 );
00493 memcpy( p + 19, hash, 32 );
00494 p[1] += 32; p[14] = 1; p[18] += 32; break;
00495
00496 case SIG_RSA_SHA384:
00497 memcpy( p, ASN1_HASH_SHA2X, 19 );
00498 memcpy( p + 19, hash, 48 );
00499 p[1] += 48; p[14] = 2; p[18] += 48; break;
00500
00501 case SIG_RSA_SHA512:
00502 memcpy( p, ASN1_HASH_SHA2X, 19 );
00503 memcpy( p + 19, hash, 64 );
00504 p[1] += 64; p[14] = 3; p[18] += 64; break;
00505
00506 default:
00507 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00508 }
00509
00510 return( ( mode == RSA_PUBLIC )
00511 ? rsa_public( ctx, sig, sig )
00512 : rsa_private( ctx, sig, sig ) );
00513 }
00514
00515
00516
00517
00518 int rsa_pkcs1_verify( rsa_context *ctx,
00519 int mode,
00520 int hash_id,
00521 int hashlen,
00522 unsigned char *hash,
00523 unsigned char *sig )
00524 {
00525 int ret, len, siglen;
00526 unsigned char *p, c;
00527 unsigned char buf[1024];
00528
00529 siglen = ctx->len;
00530
00531 if( siglen < 16 || siglen > (int) sizeof( buf ) )
00532 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
00533
00534 ret = ( mode == RSA_PUBLIC )
00535 ? rsa_public( ctx, sig, buf )
00536 : rsa_private( ctx, sig, buf );
00537
00538 if( ret != 0 )
00539 return( ret );
00540
00541 p = buf;
00542
00543 switch( ctx->padding )
00544 {
00545 case RSA_PKCS_V15:
00546
00547 if( *p++ != 0 || *p++ != RSA_SIGN )
00548 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00549
00550 while( *p != 0 )
00551 {
00552 if( p >= buf + siglen - 1 || *p != 0xFF )
00553 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00554 p++;
00555 }
00556 p++;
00557 break;
00558
00559 default:
00560
00561 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00562 }
00563
00564 len = siglen - (int)( p - buf );
00565
00566 if( len == 34 )
00567 {
00568 c = p[13];
00569 p[13] = 0;
00570
00571 if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
00572 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
00573
00574 if( ( c == 2 && hash_id == SIG_RSA_MD2 ) ||
00575 ( c == 4 && hash_id == SIG_RSA_MD4 ) ||
00576 ( c == 5 && hash_id == SIG_RSA_MD5 ) )
00577 {
00578 if( memcmp( p + 18, hash, 16 ) == 0 )
00579 return( 0 );
00580 else
00581 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
00582 }
00583 }
00584
00585 if( len == 35 && hash_id == SIG_RSA_SHA1 )
00586 {
00587 if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
00588 memcmp( p + 15, hash, 20 ) == 0 )
00589 return( 0 );
00590 else
00591 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
00592 }
00593 if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) ||
00594 ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) ||
00595 ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) ||
00596 ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) )
00597 {
00598 c = p[1] - 17;
00599 p[1] = 17;
00600 p[14] = 0;
00601
00602 if( p[18] == c &&
00603 memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 &&
00604 memcmp( p + 19, hash, c ) == 0 )
00605 return( 0 );
00606 else
00607 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
00608 }
00609
00610 if( len == hashlen && hash_id == SIG_RSA_RAW )
00611 {
00612 if( memcmp( p, hash, hashlen ) == 0 )
00613 return( 0 );
00614 else
00615 return( POLARSSL_ERR_RSA_VERIFY_FAILED );
00616 }
00617
00618 return( POLARSSL_ERR_RSA_INVALID_PADDING );
00619 }
00620
00621
00622
00623
00624 void rsa_free( rsa_context *ctx )
00625 {
00626 mpi_free( &ctx->RQ, &ctx->RP, &ctx->RN,
00627 &ctx->QP, &ctx->DQ, &ctx->DP,
00628 &ctx->Q, &ctx->P, &ctx->D,
00629 &ctx->E, &ctx->N, NULL );
00630 }
00631
00632 #if defined(POLARSSL_SELF_TEST)
00633
00634 #include "polarssl/sha1.h"
00635
00636
00637
00638
00639 #define KEY_LEN 128
00640
00641 #define RSA_N "9292758453063D803DD603D5E777D788" \
00642 "8ED1D5BF35786190FA2F23EBC0848AEA" \
00643 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
00644 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
00645 "93A89813FBF3C4F8066D2D800F7C38A8" \
00646 "1AE31942917403FF4946B0A83D3D3E05" \
00647 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
00648 "5E94BB77B07507233A0BC7BAC8F90F79"
00649
00650 #define RSA_E "10001"
00651
00652 #define RSA_D "24BF6185468786FDD303083D25E64EFC" \
00653 "66CA472BC44D253102F8B4A9D3BFA750" \
00654 "91386C0077937FE33FA3252D28855837" \
00655 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
00656 "DF79C5CE07EE72C7F123142198164234" \
00657 "CABB724CF78B8173B9F880FC86322407" \
00658 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
00659 "071513A1E85B5DFA031F21ECAE91A34D"
00660
00661 #define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
00662 "2C01CAD19EA484A87EA4377637E75500" \
00663 "FCB2005C5C7DD6EC4AC023CDA285D796" \
00664 "C3D9E75E1EFC42488BB4F1D13AC30A57"
00665
00666 #define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
00667 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
00668 "910E4168387E3C30AA1E00C339A79508" \
00669 "8452DD96A9A5EA5D9DCA68DA636032AF"
00670
00671 #define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
00672 "3C94D22288ACD763FD8E5600ED4A702D" \
00673 "F84198A5F06C2E72236AE490C93F07F8" \
00674 "3CC559CD27BC2D1CA488811730BB5725"
00675
00676 #define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
00677 "D8AAEA56749EA28623272E4F7D0592AF" \
00678 "7C1F1313CAC9471B5C523BFE592F517B" \
00679 "407A1BD76C164B93DA2D32A383E58357"
00680
00681 #define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
00682 "F38D18D2B2F0E2DD275AA977E2BF4411" \
00683 "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
00684 "A74206CEC169D74BF5A8C50D6F48EA08"
00685
00686 #define PT_LEN 24
00687 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
00688 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
00689
00690
00691
00692
00693 int rsa_self_test( int verbose )
00694 {
00695 int len;
00696 rsa_context rsa;
00697 unsigned char sha1sum[20];
00698 unsigned char rsa_plaintext[PT_LEN];
00699 unsigned char rsa_decrypted[PT_LEN];
00700 unsigned char rsa_ciphertext[KEY_LEN];
00701
00702 memset( &rsa, 0, sizeof( rsa_context ) );
00703
00704 rsa.len = KEY_LEN;
00705 mpi_read_string( &rsa.N , 16, RSA_N );
00706 mpi_read_string( &rsa.E , 16, RSA_E );
00707 mpi_read_string( &rsa.D , 16, RSA_D );
00708 mpi_read_string( &rsa.P , 16, RSA_P );
00709 mpi_read_string( &rsa.Q , 16, RSA_Q );
00710 mpi_read_string( &rsa.DP, 16, RSA_DP );
00711 mpi_read_string( &rsa.DQ, 16, RSA_DQ );
00712 mpi_read_string( &rsa.QP, 16, RSA_QP );
00713
00714 if( verbose != 0 )
00715 printf( " RSA key validation: " );
00716
00717 if( rsa_check_pubkey( &rsa ) != 0 ||
00718 rsa_check_privkey( &rsa ) != 0 )
00719 {
00720 if( verbose != 0 )
00721 printf( "failed\n" );
00722
00723 return( 1 );
00724 }
00725
00726 if( verbose != 0 )
00727 printf( "passed\n PKCS#1 encryption : " );
00728
00729 memcpy( rsa_plaintext, RSA_PT, PT_LEN );
00730
00731 if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN,
00732 rsa_plaintext, rsa_ciphertext ) != 0 )
00733 {
00734 if( verbose != 0 )
00735 printf( "failed\n" );
00736
00737 return( 1 );
00738 }
00739
00740 if( verbose != 0 )
00741 printf( "passed\n PKCS#1 decryption : " );
00742
00743 if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
00744 rsa_ciphertext, rsa_decrypted,
00745 sizeof(rsa_decrypted) ) != 0 )
00746 {
00747 if( verbose != 0 )
00748 printf( "failed\n" );
00749
00750 return( 1 );
00751 }
00752
00753 if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
00754 {
00755 if( verbose != 0 )
00756 printf( "failed\n" );
00757
00758 return( 1 );
00759 }
00760
00761 if( verbose != 0 )
00762 printf( "passed\n PKCS#1 data sign : " );
00763
00764 sha1( rsa_plaintext, PT_LEN, sha1sum );
00765
00766 if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20,
00767 sha1sum, rsa_ciphertext ) != 0 )
00768 {
00769 if( verbose != 0 )
00770 printf( "failed\n" );
00771
00772 return( 1 );
00773 }
00774
00775 if( verbose != 0 )
00776 printf( "passed\n PKCS#1 sig. verify: " );
00777
00778 if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20,
00779 sha1sum, rsa_ciphertext ) != 0 )
00780 {
00781 if( verbose != 0 )
00782 printf( "failed\n" );
00783
00784 return( 1 );
00785 }
00786
00787 if( verbose != 0 )
00788 printf( "passed\n\n" );
00789
00790 rsa_free( &rsa );
00791
00792 return( 0 );
00793 }
00794
00795 #endif
00796
00797 #endif